Hackers Threaten Destruction Of Obamacare Website

DDoS tool targets the federal Affordable Care Act website. But will it work?

20 Great Ideas To Steal In 2013

(click image for larger view)

"Destroy Obama Care!"

That's the not-so-subtle name of a homegrown distributed denial-of-service (DDoS) attack tool that's being advertised for download on some social networks, and which promises to overwhelm the Healthcare.gov website.

"This program continually displays alternate page of the ObamaCare website. It has no virus, Trojans, worms, or cookies. The purpose is to overload the ObamaCare website, to deny serivce [sic] to users and perhaps overload and crash the system," reads the program's grammar- and spelling-challenged "about" screen. "You can open as many copies of this program as you want. Each copy opens multiple links to the site."

"ObamaCare is an affront to the Constitutional rights of the people," it adds. "We HAVE the right to CIVIL disobedience!"

This is hardly the first DDoS attack tool designed to right perceived political wrongs, according to Marc Eisenbarth, research manager at DDoS defense firm Arbor Networks. "This application continues a trend [Arbor] is seeing with denial-of-service attacks being used as a means of retaliation against a policy, legal rulings or government actions," he said in a blog post.

Indeed, by 2011, Arbor was reporting that half of all DDoS attacks seemed to be driven by ideological motives. Some recent examples have included attacks against everyone from U.S. financial institutions and the Vaticanto Mexican drug cartels and North Korean government sites.

In this case, the anti-Obamacare DDoS tool, which is written in Delphi, is designed to launch numerous layer seven -- application-layer -- requests to the Affordable Care Act website (www.healthcare.gov) as well as the site's contact page (www.healthcare.gov/contact-us). The intent is to overwhelm the sites with traffic, making them inaccessible to would-be insurance buyers.

Could this attack application be the nail in the coffin for the Healthcare.gov insurance exchange website, which has faced a rocky launch since its Oct. 1 rollout? The fallout from the botched launch has already lead to the CIO of the Centers for Medicare & Medicaid Services deciding to defect to the "private sector"for an undisclosed position, and President Obama continually promising that the site's kinks will soon be worked out.

Eisenbarth said this DDoS tool most likely can't deliver what it promises. "The request rate, the non-distributed attack architecture and many other limitations make this tool unlikely to succeed in affecting the availability of the healthcare.gov site," he said. Furthermore, he noted that to date, Arbor has seen no "active use of this software."

In part, the tool's apparent inability to take down targeted Healthcare.gov websites demonstrates how grassroots DDoS attacks often face an uphill battle, owing to either technical problems or a lack of a critical mass of participants. Indeed, even some past, large-scale DDoS attacks launched by the hacktivist collective Anonymous didn't succeed in overwhelming targeted sites until -- reportedly -- bot-master benefactors temporarily brought legions of "zombie" PCs to bear on targeted sites.

What of the "Destroy Obama Care!" tool's premise that it allows users to exercise their right to civil disobedience? On this front, the tool's author has read his or her U.S. legal code incorrectly. Indeed, U.S. law enforcement agencies have vigorously prosecuted people who launch DDoS attacks against any website.

For example, after a DDoS tool called Low Orbit Ion Cannon(LOIC) was released under the Anonymous banner in 2010, many users found out -- the hard way -- that the tool didn't mask their IP address. As a result, when users turned the tool on websites designated for attack by Anonymous IRC chat-room operators during Operation Payback, many inadvertently transmitted not only attack packets, but their IP address.

In short order, attacked businesses -- which included MasterCard, PayPal and Visa -- reportedly shared their network logs with the FBI, which traced the IP addresses back to service providers' subscribers, and began arresting suspected LOIC users. Those arrests have been ongoing, and last month, the Department of Justice indicted 13 more men who allegedly used LOIC in 2010 and 2011 as part of Operation Payback.

At least the healthcare.gov website developers would have a better excuse if they were being attacked. Well, they're already being attacked ... but if the website was under attack by someone other than the people just trying to use the thing.

One factor not in Healthcare.gov's favor to handle an overload of requests is the fact that the site is hosted in government data centers, which don't offer the elasticity commonly associated with web services. Federal rules still prevent many agencies from hositng certain kinds of data on public or hybrid clouds, so they opt to host the data in private government-owned/managed data centers. In Healthcare.gov's case, CMS would have to acquire more servers (to have on hand during peak periods) than it has currently been authorized to buy.

A terrible idea and one that will backfire. In this country there's a fine, constitutional way to change the government. It's called voting. It actually works quite well. You may not always like the results, but the American democracy is designed for that, with checks and balances that can limit the damage from any one election. DDOS attacks on public Web sites, in contrast, are simply vandalism. That is not the American way.All they would achieve here would be to take the heat off the administration for poor Web site performance. I'm not sure why you would want to take a site off the air when, without any help from hackers, it has blotted the administration's reputation. If it fails because of a DDOS attack, guess who gets off the hook, and who will even get sympathy.The spotlight will shift instead away from the administration's failures and on to any of its vociferous opponents, including people in Congress, who consider Obamacare an evil that must be rooted out at any cost. They will be suspect, rightly or wrongly, for abetting a cyberattack on government systems and they will face a lot of pressure to disavow and condemn the attackers, creating a major distraction from their primary message.

Those "checks and balances" are a false sense of security. While Lincoln may have a point about fooling all of the people, all the time, it's just a technicality. The DC establishment is quite adept at fooling a significant majority of voters all the time. That's all that matters and out the window goes those checks and balances.

The AHCA/Obamacare is not evil. It does have good things such as removal of preexisting conditions, removal of lifetime maximums and ending the threat of being cancelled if you get an "expensive" illness. All of these have been abused by insurance companies to bankrupt families and leave the medical community holding the bag. However, the entire law was ill-conceived and passed in a complete partisan manner.

America is a land of great diversity. We should be skeptical when anything is passed without significant compromise that garners bi-partisan approval. Even though I'm a moderate and I don't typically vote for the folks who passed this bill and even though they admit they didn't understand it, I hope that we can discover it's flaws and move to quickly fix them. I don't think starting over is smart. Let's fix what's wrong with it rather than throw it out.

Unfortunately there doesn't seem to be ANY spirit of compromise on either side and we should all brace ourselves for another round debt ceiling pandering. To put us all at ease, I urge everyone to become educated about this topic. We all must understand the difference between a hitting a debt ceiling, a TRUE government shutdown and defaulting on our national debt.

Our government has plenty of annual income to make the interest payment on the current debt. About ~$3 trillion this year and the interest on our current debt is about ~$250 billion. Other than by deliberate choice and/or complete incompetence, there's no reason that we cannot continue to pay our obligations on our national debt. In fact, depending on how Amendment 14 S4 is interpreted, it's probably unconstitutional to default on our debt. It's just the DC establishment demonstrating its ability to fool a majority of voters. Don't believe what I write. Go find out for yourself. Maybe you will interpret things differently. I welcome the debate.

THANKYOU!! As in any budget (which has been so long ago it's forgotten) priorities must formulate the decisions on what we pay and what we let slide. The Obama-ites showed they know how to make things painful during the "shutdown" by such things as adding Barry-cades to the World War II Memorial that was largely privately funded.

It is how it is being done that is evil. Obamacare basically mandates how healthcare must be provided and forces the middle class to pay for the expansion of it. Big insurance businesses and healthcare providers win because risks are mitigated at the expense of the public--in particular the middle class.

Healthcare costs will continue to rise unchecked because Obamacare provides a pro-motive conduit for higher prices, more costs, and broader coverage. It does the opposite of reducing costs; It invites higher costs of goods and services by provide an even greater flow of money towards the providers.

Have you checked the prices on the exchanges in comparison to traditional plans? Costs are far higher for the vast majority of people.

The costs are higher because of provisions regarding women cannot be charged more, children can be covered until age 26 (I think it's 26), no lifetime maximums, no pre-existing conditions, cannot be cancelled if you experience an "expensive" illness and 80% of premiums must be used for non-admin expenses. Of course these were all supposed to be washed out by millions of new "healthy payees" that would enter the system and cover the costs of this grand plan. It sounds reasonable -- as reasonable as trickle down economics. Folks are always crabbing about how trickle down economics don't work yet the idea of spreading risk with new payees is nothing more than an opposite and twisted form of trickle down. It's like some sort of weird trickle up taxation.

It's a stretch to think that we're going to add millions of new healthy payees to the system. First, young people are covered until they are 26. No new payees. Second, how many 30 year old college graduates make income levels beyond levels that won't be subsidized? The 1%? That isn't going to cover it. How do these subsidies get funded? The vehemently opposed Medical device tax? As the tow truck driver in the original MIB said to the bug, "Please..."

One thing for sure... This is a giant tax increase on everyone and it's hidden in plain sight. While I can appreciate the mess we are in, make no mistake about this being a tax increase. If corporations don't, won't or cannot absorb it, those who pay taxes will be funding most of it because those are the ones that make just enough where they won't get help paying it.

The folks that crafted this not only got their 1% tax increase, they got a tax increase on everyone from the lower middle class all the way to the top. Now for the eye opener. The top 1% love it because they are going to make a killing investing in medical services corporations and big pharma. Who gets screwed again? The folks making just enough to be comfortable and perhaps trying to save a bit, perhaps even invest a bit so that someday they might not have to work so hard and enjoy their retirement -- that is, if the 401k crooks let them keep a few table scraps and don't cook up another crisis that lays waste to home values and their investments.

I agree with you, except the voting part. I know for a fact our voting is manipulated with my experience with the Norm Coleman / Al Franken deboggled election. Franken won because of fraud, but was still alllowed to stay in office. The voting was manipulated, and now with 20 million non documented ilegals in the country, No voter I.D., our laws are not being inforced to keep them from voting. Why couldnn't dishonest people manipulate voting machines? They can, we had voting machines the voted for Obama, when Romny was selected. It would sure be nice if it was as easy as voting people out.

Even if voting were perfect, would it matter? How many people truly cast an informed vote? How many people cast an unselfish vote? How many people vote for someone who "resonates" with them without truly understanding whether that person is genuine or pandering to their wants and needs.

An honest politician should be the #1 example when defining the word oxymoron. However they are seldom caught truly lying because they never say anything that's concrete or they leave out important context that makes it easy for them to dodge bullets.

When I first read the title "Hackers Threaten Destruction Of Obamacare Website", I thought they were doing us a favor. I bet hackers don't do something like that on websites from Canada, Great Britain or Argentina. (Just to mention a few countries with universal health care)

Argentina's universal health care is awesome. As a "rich foreigner" when I had to go to the emergency room there, I paid an extra $20 to skip to the head of the line to see a doctor, bypassing a wait time of around 6-8 hours.

The great thing about universal health care is that you actually get two systems... the "universal system" where the masses of humanity are trapped and an elite no-waiting system of the highest quality that the rich use.

Yes, I agree with the two systems. If nothing changed since I was down there, doctors used to go to hospitals to take care of the general population in the morning and have their own practice for "the elite" in the afternoon. But, if memory serves, you really don't have to be rich to go there.Also, if you need blood work, X rays and what not, you still can go to the hospital (where, most likely, the doc works) and doing it for free.

Maybe it's just me, but stuff like this doesn't seem helpful. There's so much opposition to the Affordable Care Act, yet all of the criticism focuses on wrecking the legislation, not on workable alternatives. Opponents can howl about the website or the health care law in general-- but unless these assertions are accompanied by viable plans, they're really about partisan obstructionism, not about making anything better. I mean, I hear some people talk about Obamacare as though the current system isn't a complete and total disaster. It is a disaster. Until more people within the "destroy Obamacare" camp have a workable alternative (and I've seen nothing productive out of this camp), I see all these protests as part of the problem.

Think of it this way: When the Occupiers camped out without any kind of plan, the far Right was only too happy to blast them for their lack of vision-- that is, the Occupiers basically wanted to point out problems without offering solutions. Is what's going on in this case, with respect to Obamacare, really so different?

There is only one workable solution to health care costs, but the powers to be do not want to change anything. Making tons of money off of the middle class is more important to them than actually creating a system where costs of healthcare goods and services is manageable.

The costs of healthcare goods and service should be affordable to typical middle class Americans without paying a cent in health care insurance. Seriously the cost of staying in a hospital and receiving care should be manageable without insurance. Every wonder why this is not the case?

The only solution is patent reform, real patent reform, specifically get rid of the patents. Because of the patent system we have monopolized goods and services that result in prices that continue to spiral up and up. Only if and when the current patent system (legalized monopoly) is seriously halted can this change.

So instead of making the changes necessary to reduce costs of goods and services we end up with laws, such as Obamacare, that mandate propping up the very model that has created this mess--the patent system.

Good points and I agree -- we shouldn't throw it out. We're too far into it and we need to try to fix it. If we can fix the parts that aren't working, it will at least be a slightly better mess than what we have now. However, I still don't think its sustainable.

If we don't want a single payer system, the only sustainable option seems to be one where people are consumers of healthcare. When someone is prescribed a $250/month Rx and pays a $25 copay, they are not a consumer. When someone is told to get an MRI and even with a 20% copay they don't check prices and realize the hospital charges $3,000 and a dedicated facility $600, they are not consumers. Yes -- even though their out of pocket is $600 vs. $180, most don't bother to compare. They simply allow their physician to schedule the appointment for them. The medical community also makes it difficult to compare because they don't want a free market. If the truth was known, a reasonable cost for an MRI is probably $100 at the hospital, where underlying expenses can be spread over a much more diverse set of services. If $100 is fantasy, how can a dedicated facility retire it's capital debt (they had to buy an expensive piece of tech), hire dedicated technicians and office staff to navigate the insurance claim submission maze, rent a office space and still not make a SIGNIFICANT profit when charging only $600? There has to be tremendous profit -- otherwise who would invest in an independent facilities that might break even or make peanuts? In a truly competitive environment, the hospital should always win since their underlying costs can always be spread over a much more diversity than an independent facility that only exists to perform one procedure. (i..e think Wal-Mart vs. a mom-n-pop five and dime.)

This isn't sustainable and I don't see anything in the AHCA that changes how the medical community games the system. To be clear, I don't necessarily blame the medical community. They aren't doing anything illegal but I wonder what their oath says about what they are doing?

I also have a friend who sells goods and services to hospitals. From his perspective, the hospitals have told him they don't make any money. In fact, he says money is very tight at hospitals and he always has a tough sell. Frankly, I find that hard to believe given the fact that the hospitals in my area are always under construction (adding new wings, departments and physician facilities) and outpatient surgery centers have come into existence that are owned by physician groups. Who is loaning these facilities money to make these capital investments when their business plans all say they will never make a profit? Are we to believe medical investment folks and Twitter investors are one in the same? Really?

"This isn't sustainable and I don't see anything in the AHCA that changes how the medical community games the system. To be clear, I don't necessarily blame the medical community. They aren't doing anything illegal but I wonder what their oath says about what they are doing?"

This resonated with me. Not too long ago, it cost me nearly $1000 to have routine blood work as part of my annual physical-- and I have health insurance! I was flabbergasted at the time, but this was shortly before the report came out that detailed how hospitals only a few miles apart charge drastically different prices for the same procedure. Confirmation of the helter-skelter nature of medical pricing made me furious. As you say, I wonder what they think of their oath. "Do no harm?" Being complicit in a pricing system that discourages people to go to the doctor isn't exactly doing "no harm." It's only one symptom of the illness that pervades the entire health care system, and like you, I can't easily blame individual doctors. But talk about a broken system.

I had a similar experience. What could have happened to you is the same thing I had happen. I've had my current physician for about ten years. I am currently taking statin and blood pressure prescriptions. Even though my cholesterol and blood pressure have been managed by these medications, about four years ago he told me he was going to order a much broader panel of blood tests that look for various diagnosis markers in my system. The markers would provide him information regarding my predisposition to heart disease and diabetes. I asked him what these tests cost and he assured me that my out of pocket would be roughly the same as the "typical blood tests".

My first surprise was when the nurse started drawing blood. Instead of the typical one or two vials, she took six (perhaps as many as eight -- I lost count). My next surprise came when bills showed up at my house. Instead of using local labs, he had sent blood work to three different testing facilities in California. Overall, the total cost for all the tests at the labs cost upwards of $5,000. Since my primary care physician ordered them, the insurance company ended up paying for most of that expense. Unfortunately and to my surprise, a deductible applied and my HSA was completely exhausted. Normally doctors office visits and preventive care are 100% covered with no deductible or copay. I also ended up getting billed by one of the labs for about $500.

I was pretty steamed and later discovered that this was yet another way to game the system. My doctor apologized and even contacted the lab on my behalf to get me a refund of the out-of-pocket expenses I had incurred. Unfortunately the refund was never made and when I explained that it's not just my OOP but the HSA money, the doctor shrugged.

Regardless, I still wasn't a true consumer. Even thought he HSA money was exhausted, I took comfort in the fact that my annual deductible was now over and anything that happened the rest of the year would be deductible free.

Then I discovered a game that the insurance company played. Even though they covered the expense because my primary care physician prescribed it, they considered it out of network. In network and out of network have separate deductibles and my out of pocket and the amount they paid were not applied to future in network activity. Of course I didn't discover this until one of my kids needed an outpatient procedure to remove a cyst inside their cheek. Here came the deductible. Luckily since the company contributed funds to the HSA I was also able to commit money to an FSA to help defer these costs. Of course that isn't free. FSA comes out of my pocket but with the advantage of lowering my AGI since its pre-tax.

FSA is just another game. It's almost like a "favor" from congress to a group of business people who wanted to create a new industry that managed healthcare expenses and tax deductions. IMO -- an example of corporate welfare not unlike the DMV satellite offices in my state. The state purposely doesn't provide enough DMV offices. Instead it grants political favors to campaign contributors to run private DMV offices that are then allowed to charge a fee on top of what the state charges for license renewals and so forth. It's a small fee $2, $4 or a bit more depending on what you need. More corporate welfare. They also offer an on-line method which, surprise, surprise, also has a fee. My gues si the on-line site is run by a private benefactor and that's why the fee is charged. I cannot imagine the state creating a web site and it not being cheaper for them to allow thousands of folks to use it instead of the state run office that require property, equipment and labor. I'm sure someone might read this and say otherwise but don't believe what they say. It's just another game to reach into our pockets by professional politics.

Perhaps it's because I'm in the UK where healthcare is available free to everyone, but I don't get why Americans think healthcare should be a privilege afforded to the rich. Surely everyone should be cared for. Obamacare always sounds like something that the US should have implemented years ago to care for it's people at all levels of society.

In the US, hospitals have always cared for people, anyone. Even when you have nothing to your name and go to the hospital, you get care. They are required by law to care for you. If they are unable to collect, they they write off the expenses as a loss. This is already established and has been this way for many years. When big-business health and insurance companies bought hospitals over the past 20 years, they decided things need to change.

Obamacare changes the landscape of who pays, not who gets care. With Obamacare, the middle class and healthy foot the bill-while the entire system is expanded to cover new risks and expenses. Obamacare is basically a law that states you must buy health care coverage, even if you don't want or need it. This allows the insurance companies and for-profit healthcare providers to enrich themselves even further. Under Obamacare, if you don't buy health care coverage you get fined.

Obamacare does nothing to limit costs of health care. It is far from free. In fact, it provides an endless unchecked flow of money to increase the costs of health care--by fleecing the middle class. I have noticed that, without doubt, health care on the exchanges costs far more than traditional plans outside of the exchange. So much for free health care, it is not happening here and Obamacare has nothing to do with "free".

Years ago many hospitals were Christian non-profit organizations. Now they are operated and controlled by large for-profit entities who want to profit from these businesses and have the influence in Washington to make it happen--hence Obamacare. The rich get richer, the poor get poorer and the middle class foot the entire bill. Only in the US.

You hit the nail on the head. We need to be consumers of healthcare. What we have now and what the AHCA reinforces is similar to the good intentions of the 401k plan. Boat loads of cash flowing into a market that isn't properly regulated and anything but free. In fact, it's guaranteed revenue and that always attracts corruption.

What I don't understand is 10 minutes later you argue that patents are what's killing healthcare.

While patents can also be used by the corrupt, if the 99% had to pay $250/month for some claimed wonder drug, how many would choose to do that? Sure, the 1% might even pay $1,000 but that's still not enough patients to convince pharma to invest. They need the entire population to be eligible so they can get millions of patients paying $250/month. The patent system isn't creating this game and patents serve a good purpose.

What needs to be fixed is firms who are patent trolls. An easy fix is require a patent to be used in an actual product within a few years by the firm that owns it. Otherwise the patent enters the public domain. That would end the trolls and force patent holders to at least sell to a company that will create a product. Plus when a patent is sold, the patent office should require licensing to competitors. Only the original inventor should be granted exclusivity when their company builds the product. I'm sure there would be loop holes with this approach where inventors are then forced to create paper-companies that are purchased and kept alive for no other purpose than to enable a company with deep pockets to fund a product and leverage exclusivity. However, it's a start over what we have now which is ridiculous.

You have radically over simplified how hospital care works without insurance. Yeah, if you need EMERGENCY care, they have to provide it. But once they alleviate that, bye-bye to you if no insurance or ability to pay yourself. For example, you go to emergency room for severe pain in stomach area. Once they determine that is because you have cancer, you are gone without insurance. They don't have to cure your cancer.Now, if you are poor enough, you can qualify for Medicare (paid by taxpayers, mostly middle class). If you are rich, you just pay for it. If you are middle class, no Medicare for you. You're only choice is to raise money by selling your house and every other valuable possession you spent your life working for and hope it is enough to treat you. Which at cost of cancer treatment today, it won't be.ACA is certainly not perfect legislation yet and does nothing by itself to reign in the cost of healthcare, as some of you have pointed out. But it is an effort to keep people from getting their lives destroyed by an illness they certainly didn't want to have. Now we have to keep working on rest on the problems in system.I understand artigat1's comment about UK system but it also oversimplified. The taxes in UK are paying for this. Whether that tax burden is better than US taxes + our health insurance, I don't know. That would determine which method is best. If UK has implemented programs to contain cost and keep taxes at reasonable level, they are light years ahead of where we are in US right now.

It's not just cost, it's quality. UK may have great quality, equal or surpassing US. If the UK is better, that has to be factored into any potential greater cost and likewise, any potential lesser cost. If it's worse, that too has to be considered in terms of which country is getting better value for their money and what each country expects from healthcare.

I believe a large portion of the US's healthcare costs are from corruption present in treating the elderly. Although some blame tort reform, two members of my family have worked as nurses in retirement facilities and they claim the medical community abuses folks who no longer have the capacity to understand the care they need. Endless lab tests are performed whenever an ache or pain is reported. Perhaps they do this to protect themselves from malpractice but their experience suggests something different when the physician also happens to own the lab. It's not illegal but it's likely billions in wasted procedures.

"Healthcare" (read "disease management") is free in the UK?!! You mean you don't have to pay any taxes to support your system, so the doctors, nurses, hospital maintenance and grounds crews, etc., all work for free?!! Wow!! What an awesome system you have there!! I'll bet you even have "free" education!!

Rebellion or insurrection - Whoever incites, sets on foot, assists, or engages in any rebellion or insurrection against the authority of the United States OR THE LAWS THEREOF, or gives aid or comfort thereto, shall be fined under this title or imprisoned not more than ten years, or both; and shall be incapable of holding any office under the United States.

Published: 2015-03-03Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Published: 2015-03-03** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.